OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
fdd2de57852e1fd9cec19e7c576100a286c2be9c0fff14396e2cffa7e5548fddThere is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is not filtered. The name is provided by the remote peer when sending a document or music file.
7ffd15f66d899cf5ad6ff6674833eb1870b4935ff336fb675f5220f416be335fThere is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to be written anywhere on the filesystem that the Outlook app can access when an attached image is viewed in the Outlook app.
bb3c8a7504d6e8c404b476e897caa56de42f921ba832cc4711f8ae78d2e13e4aWordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability.
2ec1a0d99abb5947627baca39e075feb58469c6d5343d02372f0c7228f090bb6WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.
a1e26e9a88b4ddfb7ecd7cc345817ca900f281621be4abee4b9fc7cfe1b7235dRed Hat Security Advisory 2017-3477-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
822ce2a5a2219e619fcb8712952a12baa3716903009d2d8afeb6607985aa478aRed Hat Security Advisory 2017-3476-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
e524f8ce7b2aeed25d1c47f9cedff0e1cc57e3fbd7aa76b24a33091b5f3ff83dRed Hat Security Advisory 2017-3475-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes.
7a80ddd064b974806ee57d0ef30c611ff93aa622e38490ed53afce00dc512af4The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.
ebb137b7cf5aab3fa821e1160f32d5b277ad4a8d68b147107e0e492f7b821dd4The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.
acc225bd1b21250c626dc4a00829cd53ab675137c05067793a79cfb388ed3cf7Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.
603914e4682e0177547ee6bd36e55a016f2159b8a92243ba90bf9945fe6c0675VLC versions 2.2.8 and below suffer from a type conversion vulnerability in the MP4 demux module.
517f22e30a6a226acec48ea2f884e2b4a520164bd32f90f3aac8dc1b5d910d2aThe nsd binary shipping with multiple camera security systems suffers from a format string vulnerability.
0158af91f1804a0e9359005af8cc870bf882c536878b03e5930291a42bb7217aApple Security Advisory 2017-12-13-6 - iOS 11.2 addresses issues relating to interception, memory corruption, and more. This advisory provides additional information for APPLE-SA-2017-12-6-2.
0700b7d62c4bc3fe36c2ec7cfeb5c1c5e6e09967ad7b4c1009f717451ef3dc57Apple Security Advisory 2017-12-13-4 - iTunes 12.7.2 for Windows is now available and addresses code execution and privacy issues.
aa5097596f2bfaeb9ab9082bdbe17fa9e65549381b08ac0d414c19deb07a1d1cApple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.
7ac83185c9a1a9ac2f52891fd6ae1e94392155c4ba0d8b820fb7de7b325c1d7eThis Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
33807dc92c51e0890223cb5aa8b949a564e99406df84abf4910ba71ac13c7512Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
8ab13efc336295285491e67bb93b942178089de67c2b16923268b0eb37c15fdfFS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.
aecd307ca8281200e3bc02c02d5c4c877da634481d5927a9933ff9a81d612574Movie Guide version 2.0 suffers from a remote SQL injection vulnerability.
bbb4bc60fb105f8bc9b27bdfc9e417483f123d816c7a8951b0ed041de206f42aPiwigo version 2.9.1 suffers from a remote SQL injection vulnerability.
391e9323ad2d0e765c5af2177dccde86a5f2dfb908dac96f7f9c21ef991ba6cdPaid To Read Script version 2.0.5 suffers from a remote SQL injection vulnerability.
44f6707002867724e0db26bc31dec80abd0e46f55c7f653e46bca33cdae1db92Readymade Video Sharing Script version 3.2 suffers from a html injection vulnerability.
405097151c57dc24d8d1c4dc18575cb08049480311638242a6184fe7f95ed8f0Joomla! JEXTN Video Gallery component version 3.0.5 suffers from a remote SQL injection vulnerability.
f350a80b80cce843425e64573c055c8d430d4f5d30efa31e19bb4944152ab3d4Joomla! JEXTN Question and Answer component version 3.1.0 suffers from a remote SQL injection vulnerability.
08bb0912ddc75094fa2f2e4f324af6e703f516935f1bf497a0b63d1729432e03
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed